From: AOL Government
By Rich Mahler
Utility companies confront security challenges daily, especially those related to securing the North American power grid. Increasingly, they’re responding by implementing comprehensive cyber security plans across their business networks and their generation, transmission and distribution systems.
From broad-based threats against corporate e-mail systems to targeted spear-phishing attacks aimed at nuclear operations, utilities face new challenges regularly. A focus area is the regular increase of
vulnerabilities reported in the security of industrial control systems that monitor and control manage the power grid, as noted by the Department of Homeland Security and the media.
New threats to both IT and operational systems are arising as a result of the increasing complexity and interconnectivity of the smart grid. Utility resources are also challenged to balance system reliability
maintenance with implementing new technologies and meeting the requirements of increased regulation, oversight and compliance.
No wonder spending on cybersecurity for smart grid industrial control systems is expected to climb nearly 70 percent between 2012 and 2020 to $608 million, according to Pike Research, a part of Navigant’s energy practice. That figure would place cybersecurity spending behind only funding for distribution automation in terms of IT investment by utilities.
Breakthroughs in Cybersecurity
What’s Ahead in Utility Cybersecurity Trends
As for the latest trends in cybersecurity for the smart grid, Lockheed Martin and Pike Research consider these the most promising: They are:
- Mobile security: As mobile devices become more ubiquitous for both corporate and engineering staffs, utility CIOs will balance the user preference and cost saving potential of mobility and “bring your own device” programs with complete security programs for mobile computing.
- Improved security in devices: Grid equipment vendors are making strides to build security into their products and architectures, which will mitigate the amount of after-market security that is currently being “bolted on.” Doing so will continue to improve the products entering the market and will help products in the market to close the gap on the vulnerabilities.
- Enhanced Security Visibility for Control Systems: Industrial control systems will continue to see new technologies that will enhance the system logging and monitoring functions available to security personnel. Technology will also provide enhanced behavioral analysis and whitelisting to ensure that only authorized commands and regular reporting are flowing through the control system networks in a fast, reliable and secure manner.
- Adoption of Security Intelligence Methodologies: Leading utilities are adopting security intelligence management approaches, such as Lockheed Martin’s Cyber Kill Chain, that enable them to be predictive about threats targeting their organizations and systems. They do not have to rely on alarms from commercial-off-the-shelf products to tell them something is already happening in their environment.
- Continued focus on workforce education: Growing the number of skilled cybersecurity professionals available to the industry to meet current needs will require a comprehensive approach. This must include professional training for system operators, growth in cybersecurity programs offered through university programs at all levels, and a sustained focus on STEM outreach to students as early as kindergarten all the way through high school. Industry must encourage students to pursue the engineering degrees required to meet the workforce demands to address the current skills gap in the cybersecurity workforce.
It’s clear that the power grid will continue to face new and sophisticated threats as technology continues to evolve. To successfully meet this challenge, a comprehensive program and partnership is required. Utility personnel at all levels, the vendor community, security partners and educational institutions, working together, will continue to prove essential to the continued secure, reliable operations of the energy that powers our economy and our lives.
Rich Mahler is Senior Manager, Cyber Security Solutions at Lockheed Martin.